summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
Diffstat (limited to 'lib')
-rw-r--r--lib/libssl/s3_lib.c67
-rw-r--r--lib/libssl/ssl.h16
2 files changed, 81 insertions, 2 deletions
diff --git a/lib/libssl/s3_lib.c b/lib/libssl/s3_lib.c
index f056c3bae49..0cdf9edd2fe 100644
--- a/lib/libssl/s3_lib.c
+++ b/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.210 2021/05/16 13:56:30 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.211 2021/06/30 18:07:50 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -161,6 +161,7 @@
#include "bytestring.h"
#include "dtls_locl.h"
#include "ssl_locl.h"
+#include "ssl_sigalgs.h"
#define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers) / sizeof(SSL_CIPHER))
@@ -1929,6 +1930,64 @@ SSL_set1_groups_list(SSL *s, const char *groups)
&s->internal->tlsext_supportedgroups_length, groups);
}
+static int
+_SSL_get_signature_nid(SSL *s, int *nid)
+{
+ const struct ssl_sigalg *sigalg;
+
+ if ((sigalg = S3I(s)->hs.our_sigalg) == NULL)
+ return 0;
+
+ *nid = EVP_MD_type(sigalg->md());
+
+ return 1;
+}
+
+static int
+_SSL_get_peer_signature_nid(SSL *s, int *nid)
+{
+ const struct ssl_sigalg *sigalg;
+
+ if ((sigalg = S3I(s)->hs.peer_sigalg) == NULL)
+ return 0;
+
+ *nid = EVP_MD_type(sigalg->md());
+
+ return 1;
+}
+
+int
+SSL_get_signature_type_nid(const SSL *s, int *nid)
+{
+ const struct ssl_sigalg *sigalg;
+
+ if ((sigalg = S3I(s)->hs.our_sigalg) == NULL)
+ return 0;
+
+ *nid = sigalg->key_type;
+ if (sigalg->key_type == EVP_PKEY_RSA &&
+ (sigalg->flags & SIGALG_FLAG_RSA_PSS))
+ *nid = EVP_PKEY_RSA_PSS;
+
+ return 1;
+}
+
+int
+SSL_get_peer_signature_type_nid(const SSL *s, int *nid)
+{
+ const struct ssl_sigalg *sigalg;
+
+ if ((sigalg = S3I(s)->hs.peer_sigalg) == NULL)
+ return 0;
+
+ *nid = sigalg->key_type;
+ if (sigalg->key_type == EVP_PKEY_RSA &&
+ (sigalg->flags & SIGALG_FLAG_RSA_PSS))
+ *nid = EVP_PKEY_RSA_PSS;
+
+ return 1;
+}
+
long
ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
{
@@ -2039,6 +2098,12 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
return 0;
return SSL_set_max_proto_version(s, larg);
+ case SSL_CTRL_GET_SIGNATURE_NID:
+ return _SSL_get_signature_nid(s, parg);
+
+ case SSL_CTRL_GET_PEER_SIGNATURE_NID:
+ return _SSL_get_peer_signature_nid(s, parg);
+
/*
* Legacy controls that should eventually be removed.
*/
diff --git a/lib/libssl/ssl.h b/lib/libssl/ssl.h
index 4158d62cd89..46f24b2ea9f 100644
--- a/lib/libssl/ssl.h
+++ b/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.195 2021/06/30 18:04:05 jsing Exp $ */
+/* $OpenBSD: ssl.h,v 1.196 2021/06/30 18:07:50 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -1039,6 +1039,7 @@ int PEM_write_SSL_SESSION(FILE *fp, SSL_SESSION *x);
#define SSL_CTRL_SET_ECDH_AUTO 94
#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL)
+#define SSL_CTRL_GET_PEER_SIGNATURE_NID 108
#define SSL_CTRL_GET_PEER_TMP_KEY 109
#define SSL_CTRL_GET_SERVER_TMP_KEY SSL_CTRL_GET_PEER_TMP_KEY
#else
@@ -1054,6 +1055,10 @@ int PEM_write_SSL_SESSION(FILE *fp, SSL_SESSION *x);
#define SSL_CTRL_GET_MIN_PROTO_VERSION 130
#define SSL_CTRL_GET_MAX_PROTO_VERSION 131
+#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL)
+#define SSL_CTRL_GET_SIGNATURE_NID 132
+#endif
+
#define DTLSv1_get_timeout(ssl, arg) \
SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
#define DTLSv1_handle_timeout(ssl) \
@@ -1151,8 +1156,17 @@ const SSL_METHOD *SSL_CTX_get_ssl_method(const SSL_CTX *ctx);
SSL_ctrl(s,SSL_CTRL_GET_SERVER_TMP_KEY,0,pk)
#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL)
+#define SSL_get_signature_nid(s, pn) \
+ SSL_ctrl(s, SSL_CTRL_GET_SIGNATURE_NID, 0, pn)
+
+#define SSL_get_peer_signature_nid(s, pn) \
+ SSL_ctrl(s, SSL_CTRL_GET_PEER_SIGNATURE_NID, 0, pn)
#define SSL_get_peer_tmp_key(s, pk) \
SSL_ctrl(s, SSL_CTRL_GET_PEER_TMP_KEY, 0, pk)
+
+int SSL_get_signature_type_nid(const SSL *ssl, int *nid);
+int SSL_get_peer_signature_type_nid(const SSL *ssl, int *nid);
+
#endif /* LIBRESSL_HAS_TLS1_3 || LIBRESSL_INTERNAL */
#ifndef LIBRESSL_INTERNAL